PS3 IDPS Viewer Tool Homebrew Application is Released

It's been awhile since the last IDPS update, and today I've created this PS3 IDPS Viewer homebrew application based on research I'm doing and had not planned to release the tool out yet, but if someone needs it here it is (Thanks to J-Martin for the logo).

When the program starts you will see the typical intro screen, if you choose "Yes" you will see the data from your PS3, if sounds three beeps indicates that it was not possible dump and show the error message, and if all went well sounds a beep and you are able to see the data.

Automatically saves the IDPS in dev_hdd0/IDPS.bin, you must open it with a hex editor and look hexadecimal values, for example (IDPS false, I will not reveal my IDPS):

At factory time there is a console specific key generated, probably from a private constant value and a console specific seed. Maybe that’s the key used for encrypting bootldr and metldr. Fact is, that metldr stores another console specific keyset (key/iv) to LS offset 0x00000.

That keyset is probably calculated from the first one. At factory time the isolated root keyset (how I call it) is used to encrypt the console’s “Individual Infos”, like eEID. But not the whole eEID is encrypted the same way, special seeds are used to calculate key/iv pairs for the different sections.

And not even that is true for every eEID section, because for e.g. EID0 another step is needed to generate the final section key(set). Each of the isolated modules using such an “Individual Info” has a special section that isoldr uses to generate the derived key(set)s.

But the generation works in a way, that the section data is encrypted with aes-cbc using the isolated root keyset, so it is not possible to calculate the isolated root keyset back from the derived key(set)s, because aes shouldn’t allow a known plaintext attack.

So far I can decrypt some of EID0′s sections, EID1, EID2 and EID4. EID5 encryption should be similar to EID0′s but I lack the generation keys for that one.

As i have told in a other post: Simply changing the TargetID in the EID do not lead into a full debug console. The TargetID is spread in the segments of whole EID and they are in encrypted form. The both idps we can view without decrypting the EID segments do not lead into a full functional debug fw.

Yes you can run dex kernel and install debug fw but again it doesn't lead into a reall debug console.

Again no offence to you im just a bit frustrated of the scene. Im still working on the full convertion and make good steps. It wasn't that hard to figuer out what to do and how to do. I just don't understand the whole scene with releasing stuff that is nearly unnesessary for the end user.

I created this tool because i'm researching with Target ID, i changed it but not with this program (and see if is ok with IDPS Viewer), i have other to do that but PS3 crashes. This tool is for that people who are trying to change this byte to other and see if all is ok

This tool only DUMPS, is not able to write at the moment (PS3 crashes)